package com.jlcloud.core.oauth2.granter;

import com.jlcloud.core.oauth2.exception.ExceptionCode;
import com.jlcloud.core.oauth2.exception.OAuth2ErrorCode;
import com.jlcloud.core.oauth2.exception.UserInvalidException;
import com.jlcloud.core.oauth2.handler.PasswordHandler;
import com.jlcloud.core.oauth2.provider.OAuth2Request;
import com.jlcloud.core.oauth2.service.OAuth2Client;
import com.jlcloud.core.oauth2.service.OAuth2ClientService;
import com.jlcloud.core.oauth2.service.OAuth2User;
import com.jlcloud.core.oauth2.service.OAuth2UserService;
import com.jlcloud.core.oauth2.utils.OAuth2CodeUtil;
import com.jlcloud.core.oauth2.utils.OAuth2ExceptionUtil;
import com.jlcloud.core.redis.cache.JlCloudRedis;
import com.jlcloud.core.tool.utils.ObjectUtil;
import com.jlcloud.core.tool.utils.StringUtil;
import org.springframework.stereotype.Component;

import java.util.Optional;

/**
 * AuthorizationCodeGranter
 *
 * @author By: JlCloud <br>
 * @Package: com.jlcloud <br>
 * @CreateTime: 2024-12-03 21:45 <br>
 * @Copyright: 2021 www.jilianjituan.com Inc. All rights reserved. <br>
 * @Caution 注意：本内容仅限于冀联人力集团内部传阅，禁止外泄以及用于其他的商业目的 <br>
 */
@Component
public class AuthorizationCodeGranter extends AbstractTokenGranter {

	private final OAuth2UserService userService;
	private final PasswordHandler passwordHandler;
	private final JlCloudRedis jlcloudRedis;

	public AuthorizationCodeGranter(OAuth2ClientService clientService, OAuth2UserService userService, PasswordHandler passwordHandler, JlCloudRedis jlcloudRedis) {
		super(clientService, userService, passwordHandler);
		this.userService = userService;
		this.passwordHandler = passwordHandler;
		this.jlcloudRedis = jlcloudRedis;
	}

	@Override
	public String type() {
		return AUTHORIZATION_CODE;
	}

	@Override
	public OAuth2User user(OAuth2Request request) {
		// 获取客户端信息并校验
		OAuth2Client client = client(request);
		if (!StringUtil.equals(client.getWebServerRedirectUri(), request.getRedirectUri())) {
			OAuth2ExceptionUtil.throwFromCode(OAuth2ErrorCode.INVALID_CLIENT_REDIRECT_URI);
		}
		// 根据code获取用户信息
		String code = request.getCode();
		OAuth2User user = jlcloudRedis.get(OAuth2CodeUtil.codeKey(code));
		// 判断用户是否存在
		if (ObjectUtil.isNotEmpty(user)) {
			// 校验用户信息
			if (!userService.validateUser(user)) {
				OAuth2ExceptionUtil.throwFromCode(OAuth2ErrorCode.INVALID_USER);
			}
			// 校验用户密码
			if ((request.isCaptchaCode() || request.isPassword()) && !passwordHandler.matches(request.getPassword(), user.getPassword())) {
				OAuth2ExceptionUtil.throwFromCode(OAuth2ErrorCode.INVALID_USER);
			}
			// 设置客户端信息
			user.setClient(client);
			// 返回user
			return Optional.ofNullable(this.enhancer)
				.map(enhancer -> enhancer.enhance(user, request))
				.orElse(user);
		}
		throw new UserInvalidException(ExceptionCode.INVALID_USER.getMessage());
	}

}
